diff options
| author | rinpatch <rinpatch@sdf.org> | 2020-11-12 12:34:48 +0000 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2020-11-12 12:34:48 +0000 |
| commit | 1172844ed18d94d84724dc6f11c6e9f72e0ba6ec (patch) | |
| tree | 7d48a259e08856ab6db0eba255f20c0c19410463 /test/web/auth/basic_auth_test.exs | |
| parent | a0f5e8b27edbe2224d9c2c3997ad5b8ea484244b (diff) | |
| parent | b4c6b262d6dc12362f0014a864e8aed6c727c39c (diff) | |
| download | pleroma-2.2.0.tar.gz | |
Merge branch 'release/2.2.0' into 'stable'v2.2.0
Release/2.2.0
See merge request pleroma/secteam/pleroma!19
Diffstat (limited to 'test/web/auth/basic_auth_test.exs')
| -rw-r--r-- | test/web/auth/basic_auth_test.exs | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/test/web/auth/basic_auth_test.exs b/test/web/auth/basic_auth_test.exs deleted file mode 100644 index bf6e3d2fc..000000000 --- a/test/web/auth/basic_auth_test.exs +++ /dev/null @@ -1,46 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.Auth.BasicAuthTest do - use Pleroma.Web.ConnCase - - import Pleroma.Factory - - test "with HTTP Basic Auth used, grants access to OAuth scope-restricted endpoints", %{ - conn: conn - } do - user = insert(:user) - assert Pbkdf2.verify_pass("test", user.password_hash) - - basic_auth_contents = - (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test")) - |> Base.encode64() - - # Succeeds with HTTP Basic Auth - response = - conn - |> put_req_header("authorization", "Basic " <> basic_auth_contents) - |> get("/api/v1/accounts/verify_credentials") - |> json_response(200) - - user_nickname = user.nickname - assert %{"username" => ^user_nickname} = response - - # Succeeds with a properly scoped OAuth token - valid_token = insert(:oauth_token, scopes: ["read:accounts"]) - - conn - |> put_req_header("authorization", "Bearer #{valid_token.token}") - |> get("/api/v1/accounts/verify_credentials") - |> json_response(200) - - # Fails with a wrong-scoped OAuth token (proof of restriction) - invalid_token = insert(:oauth_token, scopes: ["read:something"]) - - conn - |> put_req_header("authorization", "Bearer #{invalid_token.token}") - |> get("/api/v1/accounts/verify_credentials") - |> json_response(403) - end -end |